CLAIMS 

Having thus described our invention, what we claim as new and desire 
to secure by Letters Patent is as follows: 

1 . A mathod of processing semiotic data, comprising: 

rebeiving biometric data including a data set P; 
selecting a function h, and for at least one of each said data set P to be 
collected, computing h(P)\ 

destroying said data set P\ and 

storing h(P) in a database, wherein said data set P cannot be extracted 
from h(P), \ 

2. The method according to claim 1, wherein said semiotic data comprises 
biometric data. \ 

3. The method according to claim 1, wherein said function h comprises a 
secure hash functioA 

4. The method accorcnng to claim 1, further comprising: 

to determine wmether P ' is a predetermined subject, comparing h(P ') to 

all available h(P)^ to determine whether there is a match. 
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5. The method adcording to claim 1, further comprising: 

selecting a private key/public key (K, k) once for all cases; and 

one of desn-oying said private key K and sending said private key K to 

a trusted party; andi 

choosing saiii function h as the public encryption function 

corresponding to A:. 1 

6. The method according to claim 5, wherein said data set P cannot be 
extracted from h(P)^ except by the trusted party. 

7. The method according to claim 5, further comprising: 

to determine whether some P ' is a predetermined subject, comparing 
said h(P ') to all availablA h(P)s\ and 

determining whetner there is a match. 

8. The method according to claim 5, wherein the trusted party comprises a 
panel of members, and I . 

wherein a secret is snared among the members so that only at least a 
predetermined number of paael members can reconstitute the secret in its 
entirety by putting together tneir share of the secret. 
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9. The method according to claim 1, wherein the data set P is not determined 
perfectly by its reading, 

wherein eacn reading gives a number Pi, wherein / is no less than 0, 
wherein PO is for anlinitial reading, and a secret version of said initial reading 
is stored after furtherWocessing thereof, 

wherein readiilg PO is different from Pi for i > 0, and the secret version 
of is different from! the secret version of Pi, such that no identification is 
possible by a direct comparison of the encrypted data. 

10. The method according to claim 9, further comprising: 

extracting sub-co|lections Sj from the collection of data in data set P; 
and I 

encrypting a predelermined number of such sub-collections such that at 
least one of the sub-collections is reproduced exactly with a predetermined 
probability. \ 

1 1 . The method according t4 claim 1 0, ftirther comprising: 

comparing encrypted Versions of the sub-collections Sj with those data 
stored in said database, 1 

wherein if one or morelof the sub-collection Sj matches with said data, 
then verification is deemed to mve occurred. 
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12. The method accor iing to claim 11, further comprising: 

each time a Pi, with / > 0, is read, computing all possible 

predetermined size var ations of Pi which correspond to an acceptable 

predetermined impreci ;ion of the reading; and 

encrypting all s jch modified data, and comparing said encrypted 

modified data to data stored in said database. 



13. The method accor iing to claim 1 2, wherein for a plurality of users of the 



same biometric infora 
differently for each us 



14. The method accoi|ding to claim 1, wherein said data set comprises a 
personal data set. 



15. A method of proc 



acquiring une 
encrypting, witn 
each said at least one 



destroying the 

storing each o 

wherein unencrypted 

data stored in said database. 
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ation, said biometric information is encrypted 



jssing biometric data, comprising: 
r crypted biometric data including at least one data set P\ 
one of a secure hash function and an identity function, 
< lata set acquired; 
unencrypted data set P; and 
the at least one encrypted data set in a database, 
)iometric data is not available nor retrievable from said 
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16. The method according to /claim 15, wherein said data set comprises a 
personal data set. / 

17. A method of extracting jbomponents of biometric data which are stable 
under measurement errorsJcomprising: 

acquiring unencrypted biometric data including at least one data set P\ 
encrypting each s^id at least one data set acquired to form at least one 
encrypted data set; / 

destroying the Unencrypted data set P\ and 

storing each sAid at least one encrypted data set in a database, wherein 
unencrypted biometmc data is not available nor retrievable from said data 
stored in said database. 

18. The method according to claim 17, wherein said data set comprises a 
personal data set/ 

19. A method of extracting components of biometric data which are stable 
vmder measurement errors, comprising: 

acquirfog unencrypted biometric data including at least one data set P; 
encryriting each said at least one data set acquired to form at least one 
encrypted dal a set; 
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\ 

destroying the un mcrypted data set P; and 

storing each said at least one encrypted data set in a database, wherein 
unencrypted biometric da a is not available nor retrievable from said data 
stored in said database, 

extracting sub-coll 

P; and 



sctions Sj from the collection of data in said data set 



encrypting a predetermined number of such sub-collections such that at 
least one of the sub-coUect^ns is reproduced exactly with a predetermined 
probability. 

20. The method according td claim 19, wherein said data set comprises a 
personal data set. 



21 . The method according to claim 1 9, further comprising: 

comparing encrypted versions of the sub-collections Sj with those data 



stored in said database, 

wherein if one or more 
then verification is deemed to 



of the sub-collection Sj matches with said data, 
lave occurred. 



22. The method according to c laim 21, wherein a data set P is not determined 



perfectly by its reading, such tl 
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no less than 0, wherein PO is for an initial reading, and a secret version of said 
initial reading is stored after fiirther Processing thereof, 

wherein reading PO is dififeifent from Pi for i > 0, and the secret version 
of PO is different from the secret /ersion of Pi, such that no identification is 
possible by a direct comparison fjf the encrypted data. 

23. The method according toMaim 21 , fiirther comprising: 

each time a data setyis read Pi, with / > 0, is read, computing all 
possible predetermined siL variations of Pi which correspond to an 
acceptable predetermined imprecision of the reading; and 

encrypting all such modified data, and comparing said encrypted 
modified data to data stored in said database. 



24. A system for/processing semiotic data, comprising: 

means fdi receiving semiotic data including a data set P; 
means/for selecting a fimction h, and for each said data set P to be 

collected, computing h(P); 

mejns for destroying said data set P; and 

means for storing h(P) in a database, wherein said data set P cannot be 
extractecyfrom h(P). 
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25. A system of processing semiotic data as in claim 25, wherein said semiotic 
data comprises biometiic data. 



26. The method accordijig to claim 24, wherein said data set comprises a 
personal data set. 

27. A system for verifyir g biometric data without storing unencrypted 
biometric data, comprising: 

means for acquirir g unencrypted biometric data including at least one 
data set P\ 

means for encryptilig each said at least one data set acquired to form at 
least one encrypted data se 

means for destroying the unencrypted data set P; and 
means for storing each said at least one encrypted data set in a 
database, wherein unencrypted biometric data is not available nor retrievable 
from said data stored in saiq database. 



28. The method according 
personal data set. 



) claim 27, wherein said data set comprises a 



29. A system for extracting components of biometric data which are stable 
under measurement errors, comprising: 
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acquiring unencrypted biometric data including at least one data set P; 
encrypting each|said at least one data set acquired to form at least one 
encrypted data set; 

destroying the unencrypted data set P; and 

storing each said at least one encrypted data set in a database, wherein 
unencrypted biometric dat^ is not available nor retrievable from said data 
stored in said database, 

extracting sub-colle<jtions Sj from the collection of data in said data set 



P;and 

encrypting a predete^ined 
least one of the sub-collectidns 



probability. 



30. The method according to 
personal data set. 



number of such sub-collections such that at 
is reproduced exactly with a predetermined 



claim 29, wherein said data set comprises a 



3 1 . A signal-bearing medium tangibly embodying a program of machine- 
readable instructions executabl| by a digital processing apparatus to perform a 
method for computer-implemenj^ed processing biometric data, said method 
comprising: 

receiving biometric data Including a data set P; 
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selecting a secure hash fuhction h, and for each data set P to be 
collected, computing h(P)\ / 
destroying said data seft P\ 

storing h(P) in a database, wherein said data set P cannot be extracted 
from h(P). I 

32. The method according/to claim 31, wherein said data set comprises a 
personal data set. / 

33. A signal-bearing meSdium tangibly embodying a program of machine- 
readable instructions e>^ecutable by a digital processing apparatus to perform a 
method for computer-piplemented verifying of biometric data without storing 
unencrypted biometrifc data, said method comprising: 

acquiring unencrypted biometric data including at least one data set P; 
encrypting etch said at least one data set acquired to form at least one 
encrypted data set; / 

destroying the unencrypted data set P; and 

storing each said at least one encrypted data set in a database, wherein 
unencrypted biorAetric data is not available nor retrievable from said data 
stored in said database. 



Y0999-137 



33 



34. The method according to claim 32, whei 
personal data set. / 



in said data set comprises a 



35. A signal-bearing medium tangibly dnbodying a program of machine- 
readable instructions executable by a digital processing apparatus to perform a 
method for computer-implemented e?rfracting components of biometric data 
which are stable imder measuremenyerrors, said method comprising: 

acquiring unencrypted bioirietric data including at least one data set P; 

encrypting each said at leafst one data set acquired to form at least one 
encrypted data set; / 

destroying the unencrypted data set P\ 

storing each said at least one encrypted data set in a database, wherein 
unencrypted biometric datd is not available nor retrievable from said data 
stored in said database; / 

extracting sub-(Sollections Sj from the collection of data in said data set 
P; and / 

encrypting i predetermined number of such sub-collections such that at 
least one of the snb-coUections is reproduced exactly with a predetermined 
probability. / 



36. The method according to claim 35, wherein said data set comprises a 
personal/data set. 
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